Network System Architect

About The Position

Requirements

• Bachelor’s degree in Computer Science, Information Technology, Electrical Engineering, or a closely related field.
• 8 years of progressive experience in network design, implementation, and management.
• Proven track record designing large scale, multi-site enterprise networks (LAN/WAN, SD WAN, MPLS, VPN, etc.).
• Experience with cloud networking (AWS, Azure, GCP) and hybrid cloud architectures.
• Hands-on experience with network security (firewalls, IDS/IPS, Zero Trust, segmentation).
• Familiarity with virtualization (VMware, Hyper V, KVM) and software defined networking (SDN, NFV).
• Deep knowledge of routing protocols (OSPF, EIGRP, BGP, IS-IS).
• Switching technologies (VLANs, STP, MSTP, EtherChannel, QOS).
• Network design tools (SolarWinds, Lucidchart, Visio).
• Network monitoring & troubleshooting (Wireshark, NetFlow, sFlow, SNMP).
• Security technologies (Cisco ASA/Firepower, Fortinet, Palo Alto, Check Point).
• Cloud networking services (AWS VPC, Azure VNets, GCP VPC, Direct Connect, ExpressRoute).
• Experience with network automation frameworks (Ansible, Terraform, Python).
• Knowledge of Zero Trust architecture and micro segmentation.
• Familiarity with network performance monitoring and capacity planning tools.
• Previous DoD/government cyber security experience Guidance on proper diagrams and documentation required
• Experience with Risk Management Framework (RMF) and Authorizing Officials (AO)
• Proven experience designing network architectures that directly support NIST SP 800-53 Rev.5 controls including boundary definition, segmentation, encryption in transit, auditing, and least-privilege enforcement across developmental and operational networks
• Ability to produce and maintain RMF-ready architecture artifacts such as layer 3 network diagrams, data flows, trust boundaries, etc that support the RMF SSP, SCTM, and other control validation tasks
• Demonstrated ability to translate NIST Rev 5 requirements into technical network designs, including evaluating control tradeoffs, proposing compensating controls, and supporting risk-based decisions with cyber compliance teams
• Experience with applying applicable Security Technical Implementation Guides (STIG) guidance
• Multi-Factor Authentication (MFA) implementation in a classified environment
• Implementation of Active Directory Domain solutions across enterprise networks
• Experience with Cross-Domain System (CDS) and Data Guard configuration and authorization.
• Strong analytical and problem solving abilities.
• Excellent communication skills (technical and non-technical stakeholders).
• Project management experience (Agile/Scrum and Waterfall).
• Ability to mentor junior engineers and lead cross functional teams.
• Must comply with all company security and data protection / usage policies and procedures.
• Personally responsible for proper marking and handling of all information and materials, in any form.
• Shall not divulge any information, or afford access, to other employees not having a need-to-know.
• Shall not divulge information outside company without management approval.
• All government and proprietary information will be accessed and stored electronically on company provided resources.
• Incumbent must be eligible for DoD Personal Security Clearance.
• Due to U.S. Government contract requirements, only U.S. citizens are eligible for this role.

Nice To Haves

• Master’s degree (e.g., MBA, MS in Network Engineering)
• Cisco Certified Inter-network Expert (CCIE) – Routing & Switching (or CCIE Enterprise Infrastructure).
• Cisco Certified Design Professional (CCDP).
• Cisco Certified Network Professional (CCNP) – Enterprise (Routing & Switching, Security, Data Center).
• Juniper Networks Certified Internet Expert (JNCIE) – Routing or Switching.
• VMware Certified Professional – Network Virtualization (VCP NV).
• AWS Certified Advanced Networking – Specialty or Microsoft Certified: Azure Network Engineer Associate.
• CompTIA Network+ (entry level baseline).
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
• Understanding of regulatory compliance (HIPAA, PCI DSS, GDPR) as it applies to network design.
• Demonstrated ability to translate NIST Rev 5 requirements into technical network designs, including evaluating control tradeoffs, proposing compensating controls, and supporting risk-based decisions with cyber compliance teams

Responsibilities

• Architectural Design Develop end to end WAN architecture that meets performance, scalability, and security requirements for the Air Force Training, Modeling and Simulation Community.
• Translate mission critical operational needs into detailed network design documents, including topology, routing protocols, and redundancy strategies.
• Implementation & Deployment Lead the installation, configuration, and testing of WAN components (MPLS, SDWAN, VPN, satellite links, edge routers, firewalls, and load balancers).
• Coordinate with field teams to ensure seamless integration with existing LAN, data center, and cloud environments.
• Performance & Reliability Management Define and enforce key performance indicators (KPIs) such as latency, jitter, packet loss, and uptime.
• Conduct capacity planning, traffic engineering, and fault tolerance assessments to guarantee mission availability.
• Security & Compliance Design and implement secure network boundaries, segmentation, and encryption mechanisms in line with DoD and CAE security policies.
• Perform regular vulnerability assessments, penetration testing, and compliance audits.
• Stakeholder Collaboration Work closely with simulation developers, cybersecurity teams, logistics planners, and senior leadership to align network solutions with operational goals.
• Provide technical guidance and training to internal teams and external partners.
• Documentation & Knowledge Management Produce and maintain comprehensive network diagrams, configuration baselines, change-management records, and troubleshooting guides.
• Capture lessons learned and best practices for future projects.
• Vendor & Budget Management Evaluate and select networking equipment, software, and service providers.
• Prepare cost estimates, manage project budgets and timelines.
• Continuous Improvement Monitor emerging WAN technologies (e.g., SDWAN, edge computing) and recommend enhancements to keep the network state of the art.
• Lead post deployment reviews and iterative optimization cycles.

Benefits

• Comprehensive and competitive benefits package and flexibility that promotes work-life balance
• A work environment where all employees are valued, respected and safe
• Freedom to succeed by enabling team members to deliver, take initiatives and make decisions
• Recognition, professional development, advancement and having fun!